In an interview with a major newspaper in her home country, Germany’s justice minister said on Monday that she favored even stronger European Union rules that would enhance data protection. And Sabine Leutheusser-Schnarrenberger took her stance even further: "United States companies that don't abide by these standards [they] should be denied doing business in the European market."

Leutheusser-Schnarrenberger told Die Welt (Google Translate) that Germany—which has longstanding tough data protection standards—should be the yardstick for the entire 28-nation bloc. The justice minister did not elaborate as to what envisioned penalties would look like. And sure, it seems highly unlikely that Germany would be able to ban a large American tech company like Google or Facebook, both of which have been named in recent leaks as companies that provide information to the National Security Agency.

On Monday, in another interview with the same newspaper (Google Translate), German High Court Justice Hans-Jürgen Papier defended the German government’s relationship with the American spy services. He said that a country has a "basic responsibility to protect its citizens from the attacks of foreign powers" but noted that a state "can only be responsible for doing things that it has the legal power, and is able, to do."

Still, Justice Papier said that the data Snowden revealed is “frightening.”

“I did not expect that spying can take those dimensions,” he added, noting that he supported efforts to create a “comprehensive and effective data protection agreement” that would “apply worldwide.”

From Snowdenplatz to SIGADs

In Germany, Snowden has received some public support in recent weeks. A plaza adjacent to the well-known Cologne cathedral has now been dubbed “Snowdenplatz,” or “Snowden plaza,” according to a fake street sign (Google Translate). Last month, a German man organized a satirical walk to “visit” a suspected NSA facility in southwestern Germany—and he was visited by the police soon after.

Germany’s cooperation has come under renewed scrutiny over the last few days as its foreign intelligence service, known as the BND, was discovered providing the NSA with substantial amounts of metadata.

The Snowden documents mention two data collection sites known as signals intelligence activity designators (SIGADs), through which the controversial US intelligence agency gathered about 500 million pieces of metadata in December 2012 alone. The code names cited in the documents are "US-987LA" and "US-987LB." The BND now believes that the first code name stands for Bad Aibling.

Day after day and month after month, the BND passes on to the NSA massive amounts of connection data relating to the communications it had placed under surveillance. The so-called metadata—telephone numbers, email addresses, IP connections—then flow into the Americans' giant databases.

57 Reader Comments

Indeed, it seems highly unlikely that Germany would be able to ban a large American tech company like Google or Facebook

Both Facebook and Google run their non-US operations through subsidiaries in Ireland, making them subject to EU law. So while Germany might not be able to ban either of them from doing business in Europe, the EU certainly could.

I think a ban is less likely than a revocation of the United States' 'safe harbour' status - which allows companies to transfer EU citizens' personal data to servers in the United States without violating the usual 'no transfer outside EU' rule in our privacy law.

Call me cynical but this seems more like an attempt at PR damage control to show people in public that they are working to protect their privacy, while behind the scenes they keep doing what they were doing. She doesn't mention anything about government data-sharing which is the biggest kicker.

Google and Facebook SHOULD be included...even if it causes disruption in people's lives. Until this has a MONETARY effect on US companies, they will continue to be complicit in the government's overreaching spying and surveillance programs. Hit them in the wallet, and they will think twice the next time the NSA comes knocking!

Call me cynical but this seems more like an attempt at PR damage control to show people in public that they are working to protect their privacy, while behind the scenes they keep doing what they were doing.

Now, if being forced, in public, to be Shocked, shocked that clandestine abuses are taking place here causes them to actually stop assisting, I'll take that as a practical benefit. Even better if they make US spying hurt the bottom lines of corporations who probably have more rights (and definitely have more lobbyists) than Joe Sixpack.

It won't regain them any moral high ground, and I'm pessimistic about it even involving real action; but even cynical progress counts, if it does require real action to pretend.

Call me cynical but this seems more like an attempt at PR damage control to show people in public that they are working to protect their privacy, while behind the scenes they keep doing what they were doing. She doesn't mention anything about government data-sharing which is the biggest kicker.

Call me more cynical but I don't even think it's that they want to show that they're working on anything as much as they hope that they can use the existence of their privacy laws like a shield. Though, yeah, funny that the European governments didn't breathe a word to the public when the NSA gave them all that data.

it doesn't matter in which highly industrialized country you live, ALL of them governments spy on their own and not own residents and citizens.....either by doing it themselves or through 3rd party affiliates. Don't blame Google, Facebook and such alikes. The government knocks at their door, tells them how shit is going to be run, or else they face severe political roadblocks that'll impede them running as a corporation. At those levels EVERY company has shit on their sticks. No. Matter. What. And. Who. And that's being used as leverage. Not to mention that certain passages in the patriot act explicitly "forbid under legal prosecution threat" to even talk about that someone got hit with such "search-n-sniff" activities.

Call me cynical but this seems more like an attempt at PR damage control to show people in public that they are working to protect their privacy, while behind the scenes they keep doing what they were doing. She doesn't mention anything about government data-sharing which is the biggest kicker.

Call me more cynical but I don't even think it's that they want to show that they're working on anything as much as they hope that they can use the existence of their privacy laws like a shield. Though, yeah, funny that the European governments didn't breathe a word to the public when the NSA gave them all that data.

In this case the cynicism is misplaced because it is based on the wrong context. In Anglo countries with direct or indirect clones of the Westminster first past the post system of government it may be that a member of a small party have no chance of influence. That is not the case in Germany because even a small shift in the polls for the upcoming elections can mean a new government. It can also means a change in the balance of power between the constituent parties of the current government.

What you don't know, because Ars doesn't even know German and uses the execrable Google translate to get information across, which makes me think that nobody knows anything about the German situation, is that this minister is one of the good guys.

Leutheusser-Schnarrenberger actually has a record of consistency of defending privacy. Her party the Free Democrats is more wishy-washy yes, but she actually resigned from the party over privacy matters, and only came back when the party groveled. The Free Democrats are more classical liberal slash libertarian, with a sprinkling of social liberals. Leutheusser-Schnarrenberger leads the social liberal wing of this party.

So, it is probably more a matter that the minister and the party is seeing an opportunity to push in a direction she and the party wants to go in. It is a tactical choice to seize an opportunity that was not there before Snowden. Going to Merkel and saying “BND is being bad” before Snowden would have been met by a shrug. Today? Today Angela Merkel reads the same pollings that this minister does, and doesn't want the shift in opinion to occur because a shift in the opinion can at best lead to the Free Democrats growing more powerful within the coalition, or it can mean that the 'reds' become the government.

So, that a junior partner in the coalition in an election year sees room to stand up and say this is probably quite a big deal. Merkel can't very well smack her down, even though she would want to. And since it is the 'secretary of state' saying it, it has a whole lot of weight to it. The minister has a vote in the Council of Ministers and can propose things to the Council of Ministers and can bring things up there. That's big. It's neither the commission nor parliament that runs the EU. It's the Council.

it doesn't matter in which highly industrialized country you live, ALL of them governments spy on their own and not own residents and citizens.....either by doing it themselves or through 3rd party affiliates. Don't blame Google, Facebook and such alikes. The government knocks at their door, tells them how shit is going to be run, or else they face severe political roadblocks that'll impede them running as a corporation. At those levels EVERY company has shit on their sticks. No. Matter. What. And. Who. And that's being used as leverage. Not to mention that certain passages in the patriot act explicitly "forbid under legal prosecution threat" to even talk about that someone got hit with such "search-n-sniff" activities.

Some corporations manage to provide end to end encryption and the Feds just lump it. Carbonite for example

I defy anyone to show me how a public company can be sanctioned in a secret court. Say Amazon tells the Feds FU. Throwing Jeff Bezos in jail will attract attention. So will a financial fine.

Being in contempt of a secret court is as easy as talking to the dead. Being sanctioned by a secret court is as likely as getting the dead to speak to you.

In this case the cynicism is misplaced because it is based on the wrong context. In Anglo countries with direct or indirect clones of the Westminster first past the post system of government it may be that a member of a small party have no chance of influence. That is not the case in Germany because even a small shift in the polls for the upcoming elections can mean a new government. It can also means a change in the balance of power between the constituent parties of the current government.

However, the history in Germany has been that no matter who gets elected, they do what the USA tells them. The FDP has been part of very many ruling coalitions and is more than knee deep in the Scheiße already.

Back before the reunification of Germany (2+4 treaty), it was crystal clear -- Germany was still officially under a military government, and whenever the new Federal Government took office, they were told that their entire government, and the basic law itself possessed authority only to the extent that the allies wished to permit.

Now that's supposedly not the case anymore. Supposedly Germany is sovereign now. But who knows what kind of secret treaties were signed in 1990? Germany was supposed to have a constitution now, but still doesn't. Why?

it doesn't matter in which highly industrialized country you live, ALL of them governments spy on their own and not own residents and citizens.....either by doing it themselves or through 3rd party affiliates. Don't blame Google, Facebook and such alikes. The government knocks at their door, tells them how shit is going to be run, or else they face severe political roadblocks that'll impede them running as a corporation. At those levels EVERY company has shit on their sticks. No. Matter. What. And. Who. And that's being used as leverage. Not to mention that certain passages in the patriot act explicitly "forbid under legal prosecution threat" to even talk about that someone got hit with such "search-n-sniff" activities.

Some corporations manage to provide end to end encryption and the Feds just lump it. Carbonite for example

I defy anyone to show me how a public company can be sanctioned in a secret court. Say Amazon tells the Feds FU. Throwing Jeff Bezos in jail will attract attention. So will a financial fine.

Being in contempt of a secret court is as easy as talking to the dead. Being sanctioned by a secret court is as likely as getting the dead to speak to you.

If you think Carbonite won't give your datas up if presented with a warrant then you really don't understand the laws and should just be quiet, they and the others making claims to nit have given datas haven't been froced to by a warrant, yet, or more likely are blatantly lying to you

The Snowdenplotz link was just hilarious. Translation software is clearly a work in progress.

"The Kremlin is silent until now to Snowden's asylum and tries to downplay the situation. The foreign policy advisor to President Putin, Yuri Ushakov, met with the U.S. Ambassador Michael McFaul and spoke with him about the new status of Snowden. On the results of the meeting, however, he shared with anything."

I can't imagine this proposal, even if it becomes reality, will have the impact people seem to think it will. It's true, Europe has somewhat better data protection laws than the US...in terms of corporate limitations. But European law, so far as I know, doesn't prevent governments from accessing data hosted by companies in their country using lawful means. It doesn't seem at all obvious to me that abiding by European data protection laws would make your data hosted by Google any safer from the US government than it is right now, any more than hosting your data in Europe makes it safe from European governments.

To be honest, the European privacy laws seem like marketing more than anything else when it comes to government access. This is certainly true for Americans, for whom moving their data to Europe because of fears of government intrusion does not seem like a privacy upgrade.

It would be interesting to be proven wrong on this, but so far European data privacy laws seem to be treated as more of a magical talisman than something with concrete backing behind it. I'm well aware of their laws on corporate access to private information, and I honestly think we should take a page out of their book here in the US on that, but the government angle seems way less supported.

Imagine by any chance that Germany "forced" Google and Facebook to give all the data about "selected" US citizens. And then some whistle-blower shows up telling the world all about it. What would US do. Many would go berserk and call to arms, other would make Nazi and Stasi comparisons. The most polite ones would think like economists - ban offending companies.

Google and Facebook SHOULD be included...even if it causes disruption in people's lives. Until this has a MONETARY effect on US companies, they will continue to be complicit in the government's overreaching spying and surveillance programs. Hit them in the wallet, and they will think twice the next time the NSA comes knocking!

What you don't know, because Ars doesn't even know German and uses the execrable Google translate to get information across, which makes me think that nobody knows anything about the German situation, is that this minister is one of the good guys.

Leutheusser-Schnarrenberger actually has a record of consistency of defending privacy. Her party the Free Democrats is more wishy-washy yes, but she actually resigned from the party over privacy matters, and only came back when the party groveled. The Free Democrats are more classical liberal slash libertarian, with a sprinkling of social liberals. Leutheusser-Schnarrenberger leads the social liberal wing of this party.

I can only agree with that and wanted to add two things:1) Leutheusser-Schnarrenberger has stood against the rest of the government before when it came to the privacy vs security tradeoff, for example she's the major roadblock in the German implementation of the EU data retention directive.2) Even Germans think that Leutheusser-Schnarrenberger is a terribly long name.

Google and Facebook SHOULD be included...even if it causes disruption in people's lives. Until this has a MONETARY effect on US companies, they will continue to be complicit in the government's overreaching spying and surveillance programs. Hit them in the wallet, and they will think twice the next time the NSA comes knocking!

You seem to think that complying with government orders is voluntary.

And? If compliance with one government's orders puts you in conflict with another government, then you have a problem. You have to satisfy both, or face whatever penalty comes your way.

Still, since a lot of companies run their EU subsidiaries from an EU office, their first allegiance is to the local laws. The US government cannot ask a foreign company (that's essentially what these subsidiaries are) to break local laws.

If you can't abide by the laws where you do business, then either change your business or leave the country. jnemesh is being reasonable.

Who'd have imagined that multi-national companies might run into problems through their sheer scale and reach?

(edit)

I see I've been up- and down-voted, so I'll spell out what I was being too oblique about.

US Companies set up a subsidiary overseas often for taxation reasons, to avoid the costs of repatriating money and to take full advantage of tax laws written for the advantage of that country. Once they've done that, they're subject to local laws. They can't get the tax benefits without also having the responsibility of following the laws.

If they can't make both work, then either they must change their company or shut it down.

Is it fair that a company set up in a country has to obey the laws of that country (or region)?

Germany was supposed to have a constitution now, but still doesn't. Why?

Mainly because it has had a working constitution for more than 60 years now called the "Grundgesetz". Seriously, I don't buy the secret military government stuff and if it still was we would have been involved in successful projects like Iraq. People in Germany really are quite worried about privacy, that's all.

In this case the cynicism is misplaced because it is based on the wrong context. In Anglo countries with direct or indirect clones of the Westminster first past the post system of government it may be that a member of a small party have no chance of influence. That is not the case in Germany because even a small shift in the polls for the upcoming elections can mean a new government. It can also means a change in the balance of power between the constituent parties of the current government.

What you don't know, because Ars doesn't even know German and uses the execrable Google translate to get information across, which makes me think that nobody knows anything about the German situation, is that this minister is one of the good guys.

Leutheusser-Schnarrenberger actually has a record of consistency of defending privacy. Her party the Free Democrats is more wishy-washy yes, but she actually resigned from the party over privacy matters, and only came back when the party groveled. The Free Democrats are more classical liberal slash libertarian, with a sprinkling of social liberals. Leutheusser-Schnarrenberger leads the social liberal wing of this party.

So, it is probably more a matter that the minister and the party is seeing an opportunity to push in a direction she and the party wants to go in. It is a tactical choice to seize an opportunity that was not there before Snowden. Going to Merkel and saying “BND is being bad” before Snowden would have been met by a shrug. Today? Today Angela Merkel reads the same pollings that this minister does, and doesn't want the shift in opinion to occur because a shift in the opinion can at best lead to the Free Democrats growing more powerful within the coalition, or it can mean that the 'reds' become the government.

So, that a junior partner in the coalition in an election year sees room to stand up and say this is probably quite a big deal. Merkel can't very well smack her down, even though she would want to. And since it is the 'secretary of state' saying it, it has a whole lot of weight to it. The minister has a vote in the Council of Ministers and can propose things to the Council of Ministers and can bring things up there. That's big. It's neither the commission nor parliament that runs the EU. It's the Council.

It still doesn't matter. politicians are re-elected (or not) every 4 years. those three-to-five letter agencies, they stay(!) and continue their 'modus operandi' - they may have to make some lip services towards the public or to whomever is (supposedly) steering the political ship currently, but at the end of the day/the week/ the month/the year/the election cycle, nothing really changes.

Well this proposal is morally good but unenforceable. Any American company can be subject to allow the wiretapping at the whim of a "secret court" or whatever they call it, AND they are ordered to stay quiet.

So it's not like any American company can give anyone a solid proof that they will not comply with their own laws (they can't). Even if a random company currently is not helping the NSA, at any time later they might be served that secret thing and be forced to let them spy the traffic, plus they can't say a thing, cut the service or do whatever that might alert in any means that this is taking place.

The American laws are especially morbid against foreigners, we don't have any rights or freedoms, the NSA can spy and record all our private lives they want. The people there are only now starting to get a little outraged when they learned the spying included themselves.

And yes, the German gov is cooperating, aiding the intrusion, and many more in Europe and worldwide.

The NSA represents worldwide intrusion. But remember, the agency itself is a tool, there is a State behind it that made this policy and put it in place for decades or even centuries. They barely care for their citizen (often not), but they care nothing about us, the rest of the world, subjected to these peeps.

If it wasn't for people like Snowden most Americans would still not even know they live in a police state.

With the current furor it is easy to forget the long-standing privacy violations; these also need to stop, and in many cases, it's the European governments that must be held accountable. To take one of the most egregious examples, the US monitors all SWIFT banking transactions within Europe. Information on the financial transactions of European individuals and companies is none of the American's business.

Germany was supposed to have a constitution now, but still doesn't. Why?

Mainly because it has had a working constitution for more than 60 years now called the "Grundgesetz". Seriously, I don't buy the secret military government stuff and if it still was we would have been involved in successful projects like Iraq. People in Germany really are quite worried about privacy, that's all.

Germany was legally under a military government until the 2+4 treaty was signed. Your Grundgesetz it's called that and not Verfassung because West Germany was not permitted by the allies to write a constitution (Verfassung) at its founding because it was not a sovereign state.

It is already known that chancellors of the old Bundesrepublik were required to recognize the subordination of their office and of the Grundgesetz to the allied powers at the time of their inauguration in office. This was all supposed to change after the reunification of Germany and the signing of a peace treaty. That is the purpose of article 146 of the Grundgesetz.

Yet it has not changed. Why?

Like I said. We do not know if there were conditions placed on the signing of the 2+4 treaty. We do not know whether Germany placed itself under the obligation to collect intelligence for the US and serve as an intelligence gathering hub for US intelligence services.

I understand that the German people are uneasy about the recent revelations of German complicity with NSA intelligence gathering, but that may not matter -- no matter who is elected.

Google and Facebook SHOULD be included...even if it causes disruption in people's lives. Until this has a MONETARY effect on US companies, they will continue to be complicit in the government's overreaching spying and surveillance programs. Hit them in the wallet, and they will think twice the next time the NSA comes knocking!

You seem to think that complying with government orders is voluntary.

Tell the NSA "the users encrypt their own data" and hand them a large SETI file. Let the NSA find something meaningful in there, and make themselves useful for a change.

Germany was supposed to have a constitution now, but still doesn't. Why?

Mainly because it has had a working constitution for more than 60 years now called the "Grundgesetz". Seriously, I don't buy the secret military government stuff and if it still was we would have been involved in successful projects like Iraq. People in Germany really are quite worried about privacy, that's all.

Plus, we *were* involved in projects like Iraq, officially, on the order of 18 billion DM of taxpayer money, plus serving as a logistics hubs for US forces, plus supplying AWACS aircraft and Fuchs tanks.

Also, don't know about Irak, but ex Bundeswehr soldiers have told me that Bundeswehr was indeed involved in covert wars in Afghanistan against the Soviets in the 1980s, and against Serbia in the mid-1990s, without the public learning anything about it. No, I'm not able to verify these stories, but I didn't have any reason to doubt them either.

Yes, some of us may be worried about their privacy, but this is of little consequence because whatever party you vote for, it's a safe bet, based on 65 years of post-war records (Foschepoth interview), that the government formed by those parties will comply with Big Brother overseas, just like the DDR government complied with Moscow.

I am no fan of Facebook, Google or whatever the name of your favorite voyeur is. But if one is genuinely concerned about privacy, the only credible solution is to stop using those services. Arguing that European companies are more moral or that legislation would work is naive to say the least.

I am no fan of Facebook, Google or whatever the name of your favorite voyeur is. But if one is genuinely concerned about privacy, the only credible solution is to stop using those services. Arguing that European companies are more moral or that legislation would work is naive to say the least.

You should read the article. European companies are bound by stricter privacy laws.

Europe has somewhat better data protection laws than the US...in terms of corporate limitations. But European law, so far as I know, doesn't prevent governments from accessing data hosted by companies in their country using lawful means.

The US government's current interpretation of the law is that they're allowed to access any and all data stored on any company server, without any warrant if the company cooperates and with a warrant if the company does not cooperate.

I'm not up with european law, but since they do not allow the data to be stored on the server in the first place, it doesn't matter. The government cannot access data that doesn't exist.

I have mixed feelings about this proposal. On the one hand I dislike the idea that a single country can dictate how companies all around the world must operate. But on the other hand, I wish every country in the world would implement the kind of privacy laws germany has.

I can't imagine this proposal, even if it becomes reality, will have the impact people seem to think it will. It's true, Europe has somewhat better data protection laws than the US...in terms of corporate limitations. But European law, so far as I know, doesn't prevent governments from accessing data hosted by companies in their country using lawful means. It doesn't seem at all obvious to me that abiding by European data protection laws would make your data hosted by Google any safer from the US government than it is right now, any more than hosting your data in Europe makes it safe from European governments.

To be honest, the European privacy laws seem like marketing more than anything else when it comes to government access. This is certainly true for Americans, for whom moving their data to Europe because of fears of government intrusion does not seem like a privacy upgrade.

It would be interesting to be proven wrong on this, but so far European data privacy laws seem to be treated as more of a magical talisman than something with concrete backing behind it. I'm well aware of their laws on corporate access to private information, and I honestly think we should take a page out of their book here in the US on that, but the government angle seems way less supported.

EU law can't control when data is accessed through legal means, but it can influence what constitutes "legal" in member states and can also control what data companies are legally permitted to store in the first place. Legal orders for companies to provide data are all very well, but the data needs to actually be stored for them to provide it

It still doesn't matter. politicians are re-elected (or not) every 4 years. those three-to-five letter agencies, they stay(!) and continue their 'modus operandi' - they may have to make some lip services towards the public or to whomever is (supposedly) steering the political ship currently, but at the end of the day/the week/ the month/the year/the election cycle, nothing really changes.

While technically true, the politicians do have control over the purse strings for those three-to-five letter agencies. If a politician really wanted to stop them doing something they could propose a bill to defund the agency unless it fulfilled certain criteria

Any EU legislation in this regard would be vetoed by David Cameron. Such an action would be heralded in the British press (possibly with the exception of The Guardian) as a heroic stand against Euro-centric and/or socialist meddling (which is a narrative that has decades of momentum behind it, so trumps any other consideration.)